The Power of Tanium

A communication platform that has immense power and flexibility and plays well with others

After almost 20 years in the information security business and seeing cybersecurity vendors come and go by the dozens, I must say there is one vendor that’s been catching my eye and that I believe has some standing power in this ever changing industry: Tanium. For a platform to understand natural-language questions for interrogating millions of endpoints in seconds, in real time, and at scale is pretty incredible.

By now, you would think organizations would have the most basic cyber IT fundamentals down to a science, yet here we are and organizations still can’t patch, segment or locate indicators of compromise (IOC) effectively. Because there is still this struggle, a company like Tanium came along.

Tanium is not a product, it’s a communication platform with immense power and flexibility, and frankly plays equally well in IT operations and even IT security. The size of your network doesn’t even matter. It actually performs faster the bigger the environment.

Don’t believe me? Take a look at these use cases.

Cloud Migrations

Once you have chosen your cloud provider and have identified the right applications to migrate to the cloud, Tanium can help identify and close vulnerabilities within your applications before initiating the actual migration. Then, once your application is in the cloud, you can implement a strategy that promotes security for ongoing operations across your chosen cloud provider.

Data Center Refresh

Use Tanium to uniquely query for and produce detailed inventory information for every asset within an enterprise environment – from employee workstations to remote data centers, branch location servers, virtual machines or assets in the cloud – in just seconds. Gather any attribute, including but not limited to the name, manufacturer, model, CPU, MAC address, RAM and disk space details.

Windows 10 Migrations

WWT and Tanium avoid the traditional methods of booting and imaging PCs typically involved in Windows migrations. With no reliance on USB or PXE, we provide an automated and proven zero touch migration path to Windows 10 that’s conducted remotely to avoid disruptions to your day-to-day operations or ongoing missions.

For example, Tanium inventories hardware and software prior to an upgrade, it distributes our CPMigrator package and initiates the upgrade. WWT’s CPMigrator automates the upgrade from Windows 7 to Windows 10 and re/installs the CMT agent. Finally, Tanium performs a post-Windows 10 hardware/software validation and begins managing the endpoint. Organizations then gain more speed and scale and less risk and costs.

While Tanium packs a punch all by itself, its ability to play well with others is equally impressive. If your organization has already made investments in Cisco, Splunk, Palo Alto, Phantom Cyber or FireEye, Tanium can integrate seamlessly and help optimize your investments.

And in case you still don’t believe me, here’s some more use cases. 🙂

Vendor Integrations

Splunk

Through Tanium Connect, an organization can establish bi-directional communication between Tanium and Splunk. Once the connection is made, Tanium can populate dashboard information within Splunk as well as detection alerts. Splunk can also issue calls to Tanium when response is necessary.

Palo Alto

When Palo Alto detects a breach, it can directly trigger Tanium to search and remediate repeat offenders almost instantly across the entire organization.

Cisco

From a Cisco perspective, it is easy to demonstrate a detect and quarantine scenario. Tanium detects a malware hash on an endpoint and then quarantines that same endpoint into a safe network by Cisco Identity Services Engine. This piece can also be done using a security automation platform to create IOCs based on input from other Cisco solutions such as OpenDNS. Using OpenDNS, you can easily engage Tanium to search and remediate hundreds of thousands of endpoints in seconds. You can even perform a simple Tanium patch resolution with a Cisco detection product like Firepower or AMP for Endpoints.

Chris Konrad is the global practice lead for security engagements at WWT. Chris brings more than 20 years of experience in IT, security, privacy, information risk management, vendor management and regulatory compliance.

Additional Resources

This workshop is intended to help administrators, engineers, architects and technical personnel to define and build a basic service model and understand the skills and techniques vital to NSO service modeling.

Organizations understand that providing users with secure access can be challenging and strenuous. Identity and Access Management (IAM) is an enterprise program that focuses on ensuring that authorized people and devices have the appropriate access at the right time.